low level code and high level theorems
play

Low-Level Code and High-Level Theorems Sascha Bhme Technische - PowerPoint PPT Presentation

Aug 31, 2023 •136 likes •717 views

Low-Level Code and High-Level Theorems Sascha Bhme Technische Universitt Mnchen, Germany Joint work with Eyad Alkassar 1 , Ernie Cohen 2 , Kurt Mehlhorn 3 and Christine Rizkallah 3 1 Universitt des Saarlandes, Germany 2 European Microsoft

  1. Low-Level Code and High-Level Theorems Sascha Böhme Technische Universität München, Germany Joint work with Eyad Alkassar 1 , Ernie Cohen 2 , Kurt Mehlhorn 3 and Christine Rizkallah 3 1 Universität des Saarlandes, Germany 2 European Microsoft Innovation Center, Aachen, Germany 3 Max-Planck-Institut für Informatik, Saarbrücken, Germany 1

  2. C code 2

  3. program C code verification 2

  4. theorem program C code verification 2

  5. interactive theorem theorem prover program C code verification 2

  6. interactive theorem theorem prover program C code verification 2

  7. Isabelle/HOL interactive theorem theorem prover program C code verification VCC 2

  8. VCC: ◮ assertional verifier for full C ◮ first-order logic as specification language ◮ fully automatic thanks to Boogie and Z3 ◮ specification by code annotations ◮ function contracts, object invariants ◮ ghost code, ghost functions 3

  9. VCC: ◮ assertional verifier for full C ◮ first-order logic as specification language ◮ fully automatic thanks to Boogie and Z3 ◮ specification by code annotations ◮ function contracts, object invariants ◮ ghost code, ghost functions Isabelle/HOL: ◮ interactive theorem prover for higher-order logic ◮ rich set of formalized mathematics ◮ various automated provers 3

  10. Isabelle/HOL interactive theorem theorem prover program C code verification VCC 4

  11. Isabelle/HOL interactive theorem theorem prover LEDA graph algorithms program C code verification VCC 4

  12. LEDA graph algorithms 4

  13. 5

  14. Programmers 5

  15. Social programmers Graph 5

  16. Pair programming Matching 5

  17. Optimal pair programming Maximum cardinality matching 5

  18. Definitions Matching: ◮ a graph ◮ no edge is incident to another edge 6

  19. Definitions Matching: ◮ a graph ◮ no edge is incident to another edge Odd-set cover: ◮ labeling of nodes ◮ every edge is incident to a node labeled 1 or connects two nodes labeled i (with i ≥ 2) 6

  20. Optimal pair programming Maximum cardinality matching 7

  21. Certificate Odd-set cover 1 0 1 0 2 2 1 2 0 7

  22. Theorem The maximum cardinality of a graph matching is � ⌊ n i / 2 ⌋ n 1 + i ≥ 2 where n i is the number of nodes labeled i by an odd-set cover. 8

  23. LEDA graph algorithms 9

  24. Isabelle/HOL interactive theorem theorem prover LEDA graph algorithms program C code verification VCC 9

  25. LEDA graph algorithms program C code verification VCC 9

  26. Maximum Cardinality Matching Checker C Code 10

  27. Maximum Cardinality Matching Checker C Code Given: ◮ graph G ◮ graph M (maximum cardinality matching) ◮ labeling OSC (odd-set cover) 10

  28. Maximum Cardinality Matching Checker C Code Given: ◮ graph G ◮ graph M (maximum cardinality matching) ◮ labeling OSC (odd-set cover) Check: ◮ M is a matching ◮ M is a subset of G ◮ OSC is an odd-set cover of G ◮ M is maximal wrt. G and OSC 10

  29. Maximum Cardinality Matching Checker C Code Given: ◮ graph G ◮ graph M (maximum cardinality matching) ◮ labeling OSC (odd-set cover) Check: ◮ M is a matching ◮ M is a subset of G ◮ OSC is an odd-set cover of G ◮ M is maximal wrt. G and OSC Implementation: ◮ straightforward 10

  30. Maximum Cardinality Matching Checker Specification struct graph { edge * es; unsigned n_edges, n_nodes; } 11

  31. Maximum Cardinality Matching Checker Specification struct graph { edge * es; unsigned n_edges, n_nodes; invariant( ∀ (unsigned e; e < n_edges − → es[e].s < n_nodes ∧ es[e].t < n_nodes ∧ es[e].s � = es[e].t)) } 11

  32. Maximum Cardinality Matching Checker Specification struct graph { edge * es; unsigned n_edges, n_nodes; invariant( ∀ (unsigned e; e < n_edges − → es[e].s < n_nodes ∧ es[e].t < n_nodes ∧ es[e].s � = es[e].t)) } spec(bool spec_is_osc(graph * G, unsigned * osc) returns(... ∧ ∀ (unsigned e; e < G->n_edges − → osc[G->es[e].s] = 1 ∨ osc[G->es[e].t] = 1 ∨ (osc[G->es[e].t] = osc[G->es[e].s] ∧ osc[G->es[e].t] > 1)));) 11

  33. What is proved? check(G, M, osc) = true ← → |M| = n 1 + � i ≥ 2 ⌊ n i / 2 ⌋ 12

  34. What is proved? check(G, M, osc) = true ← → |M| = n 1 + � i ≥ 2 ⌊ n i / 2 ⌋ What is missing? |M| = n 1 + � i ≥ 2 ⌊ n i / 2 ⌋ − → ( ∀ M’. is_matching(M’) ∧ is_subset(G,M’) − → |M’| ≤ |M|) 12

  35. What is proved? check(G, M, osc) = true ← → |M| = n 1 + � i ≥ 2 ⌊ n i / 2 ⌋ What is missing? |M| = n 1 + � i ≥ 2 ⌊ n i / 2 ⌋ − → ( ∀ M’. is_matching(M’) ∧ is_subset(G,M’) − → |M’| ≤ |M|) VCC: ◮ good at low-level code verification ◮ not much support for high-level proofs 12

  36. What is proved? check(G, M, osc) = true ← → |M| = n 1 + � i ≥ 2 ⌊ n i / 2 ⌋ What is missing? |M| = n 1 + � i ≥ 2 ⌊ n i / 2 ⌋ − → ( ∀ M’. is_matching(M’) ∧ is_subset(G,M’) − → |M’| ≤ |M|) VCC: ◮ good at low-level code verification ◮ not much support for high-level proofs Requires abstraction! 12

  37. LEDA graph algorithms program C code verification VCC 13

  38. Isabelle/HOL interactive theorem theorem prover LEDA graph algorithms program C code verification VCC 13

  39. Isabelle/HOL interactive theorem theorem prover program C code verification VCC 13

  40. 14

  41. Isabelle/HOL VCC 14

  42. Isabelle/HOL VCC concrete assert(p(x)); property 14

  43. Isabelle/HOL VCC abstract spec(bool P(X) returns(...);) property concrete assert(p(x)); property 14

  44. Isabelle/HOL VCC abstract spec(bool P(X) returns(...);) property spec(void P_equivalence(x) ensures(p(x) ⇐ ⇒ P(abs(x)));) concrete assert(p(x)); property 14

  45. Isabelle/HOL VCC abstract spec(bool P(X) returns(...);) property spec(void P_holds(X) ensures(P(X));) spec(void P_equivalence(x) ensures(p(x) ⇐ ⇒ P(abs(x)));) concrete assert(p(x)); property 14

  46. Isabelle/HOL formal definition P where “P(X) = . . . ” theorem P_holds: “P(X)” � proof � proof VCC abstract spec(bool P(X) returns(...);) property spec(void P_holds(X) ensures(P(X));) spec(void P_equivalence(x) ensures(p(x) ⇐ ⇒ P(abs(x)));) concrete assert(p(x)); property 14

  47. Maximum Cardinality Matching Checker VCC 15

  48. Maximum Cardinality Matching Checker VCC struct abs_graph { abs_edge es[mathint]; mathint n_edges, n_nodes; }; 15

  49. Maximum Cardinality Matching Checker VCC struct abs_graph { abs_edge es[mathint]; mathint n_edges, n_nodes; }; spec(abs_graph abs_g(graph * G) ensures(...);) 15

  50. Maximum Cardinality Matching Checker VCC struct abs_graph { abs_edge es[mathint]; mathint n_edges, n_nodes; }; spec(abs_graph abs_g(graph * G) ensures(...);) spec(bool abs_is_osc(abs_graph G, abs_fun osc) ensures(...);) 15

  51. Maximum Cardinality Matching Checker VCC struct abs_graph { abs_edge es[mathint]; mathint n_edges, n_nodes; }; spec(abs_graph abs_g(graph * G) ensures(...);) spec(bool abs_is_osc(abs_graph G, abs_fun osc) ensures(...);) void is_osc_equivalence(graph * G, unsigned * osc) ensures( spec_is_osc(G, osc) ⇐ ⇒ abs_is_osc(abs_g(G), abs_f(osc))); 15

  52. Maximum Cardinality Matching Checker Isabelle/HOL 16

  53. Maximum Cardinality Matching Checker Isabelle/HOL record abs_graph = es :: int ⇒ abs_edge n_edges, n_nodes :: int 16

  54. Maximum Cardinality Matching Checker Isabelle/HOL record abs_graph = es :: int ⇒ abs_edge n_edges, n_nodes :: int definition abs_is_osc where “abs_is_osc G osc = (. . . ∧ ( ∀ e. 0 ≤ e ∧ e < n_edges G − → osc (s (es G e)) = 1 ∨ osc (t (es G e)) = 1 ∨ (osc (t (es G e)) = osc (s (es G e)) ∧ osc (t (es G e)) > 1)))” 16

  55. Maximum Cardinality Matching Checker Isabelle/HOL record abs_graph = es :: int ⇒ abs_edge n_edges, n_nodes :: int definition abs_is_osc where “abs_is_osc G osc = (. . . ∧ ( ∀ e. 0 ≤ e ∧ e < n_edges G − → osc (s (es G e)) = 1 ∨ osc (t (es G e)) = 1 ∨ (osc (t (es G e)) = osc (s (es G e)) ∧ osc (t (es G e)) > 1)))” theorem “|M| = n 1 + � i ≥ 2 ⌊ n i / 2 ⌋ − → ( ∀ M’. is_matching(M’) ∧ is_subset(G,M’) − → |M’| ≤ |M|)” � proof � 16

  56. Combination of VCC and Isabelle/HOL ◮ combines the best of both worlds ◮ low-level code verification with VCC ◮ high-level mathematical reasoning with Isabelle/HOL ◮ sound combination ◮ clean separation of concepts 17

  57. Isabelle/HOL interactive theorem theorem prover program C code verification VCC 18

  58. Isabelle/HOL interactive theorem theorem prover LEDA graph algorithms program C code verification VCC 18

Recommend

High-Level Synthesis Creating Custom Circuits from High-Level Code Hao Zheng Comp Sci &amp; Eng

High-Level Synthesis Creating Custom Circuits from High-Level Code Hao Zheng Comp Sci &amp; Eng

High-Level Synthesis Creating Custom Circuits from High-Level Code Hao Zheng Comp Sci &amp; Eng University of South Florida 1 Existing Design Flow Register-transfer (RT) synthesis Specify RT structure (muxes, registers, etc) Allows

1.29k views • 70 slides
High-Level Languages Languages Assembly vs Machine Code Assembly vs high-level language

High-Level Languages Languages Assembly vs Machine Code Assembly vs high-level language

High-Level Languages Languages Assembly vs Machine Code Assembly vs high-level language Why Learn New Language availability special features porting maintenance more tools required for job cost Why Design a

1.36k views • 54 slides
Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National

Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National

OOPSLA 18 Boston Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National Univ. Chung-Kil Hur MPI-SWS Ralf Jung Zhengyang Liu University of Utah John Regehr Nuno P. Lopes Microsoft Research

1.3k views • 127 slides
The Problem of Temporal Abstraction How do we connect the high level to the low-level? &quot;

The Problem of Temporal Abstraction How do we connect the high level to the low-level? &quot;

The Problem of Temporal Abstraction How do we connect the high level to the low-level? &quot; the human level to the physical level? &quot; the decide level to the action level? MDPs are great, search is great,

676 views • 31 slides
High-level languages High-level languages are not immune to these problems. Actually, the

High-level languages High-level languages are not immune to these problems. Actually, the

High-level languages High-level languages are not immune to these problems. Actually, the situation is even worse: the compiler might reorder/remove/add memory accesses; and then the hardware will do some relaxed execution. p. 1 Constant

512 views • 26 slides
High-level programming on the GPU with Julia Tim Besard (@maleadt) Yet another high-level

High-level programming on the GPU with Julia Tim Besard (@maleadt) Yet another high-level

Just compile it: High-level programming on the GPU with Julia Tim Besard (@maleadt) Yet another high-level language? julia&gt; function mandel(z) c = z Dynamically typed, high-level syntax maxiter = 80 for n = 1:maxiter if abs(z) &gt; 2

953 views • 44 slides
Welcome! Todays Agenda: DotCloud: profiling &amp; high-level (1) DotCloud: low-level and

Welcome! Todays Agenda: DotCloud: profiling &amp; high-level (1) DotCloud: low-level and

/INFOMOV/ Optimization &amp; Vectorization J. Bikker - Sep-Nov 2015 - Lecture 10: Practical Welcome! Todays Agenda: DotCloud: profiling &amp; high-level (1) DotCloud: low-level and blind stupidity DotCloud: high-level (2)

440 views • 43 slides
Welcome! Todays Agenda: DotCloud: profiling &amp; high-level (1) DotCloud: low-level and

Welcome! Todays Agenda: DotCloud: profiling &amp; high-level (1) DotCloud: low-level and

/INFOMOV/ Optimization &amp; Vectorization J. Bikker - Sep-Nov 2016 - Lecture 13: Practical Welcome! Todays Agenda: DotCloud: profiling &amp; high-level (1) DotCloud: low-level and blind stupidity DotCloud: high-level (2)

1.26k views • 51 slides
HIGH-LEVEL SEARCH Instead of directly solving a High-level Search Methods given probem

HIGH-LEVEL SEARCH Instead of directly solving a High-level Search Methods given probem

HIGH-LEVEL SEARCH: FROM HYPER- HEURISTICS TO ALGORITHM SELECTION MUSTAFA MISIR HIGH-LEVEL SEARCH Instead of directly solving a High-level Search Methods given probem (~instance), Operates upon perform a search on algorithm space

526 views • 23 slides
Introduction to Coding in Python Fermilab - TARGET 2017 Week 1 Low to High Level Programing

Introduction to Coding in Python Fermilab - TARGET 2017 Week 1 Low to High Level Programing

Introduction to Coding in Python Fermilab - TARGET 2017 Week 1 Low to High Level Programing Languages Machine code - computers hardware understand binary numbers Assembly - 1 to 1 mapping to computer instructions (High level) Programming

731 views • 14 slides
Low-Level Memory Optimisations at the High-Level with Ownership-like Annotations Do you want

Low-Level Memory Optimisations at the High-Level with Ownership-like Annotations Do you want

Juliana Franco Martin Hagelin Tobias Wrigstad Sophia Drossopoulou The OHMM framework Low-Level Memory Optimisations at the High-Level with Ownership-like Annotations Do you want fast programs? More cores? More threads? Write better

330 views • 29 slides
UN High UN High UN High UN High- - - -Level Meeting on TB Level Meeting on TB Level Meeting

UN High UN High UN High UN High- - - -Level Meeting on TB Level Meeting on TB Level Meeting

UN High UN High UN High UN High- - - -Level Meeting on TB Level Meeting on TB Level Meeting on TB Level Meeting on TB Berlin, 18 May 2017 Berlin, 18 May 2017 Berlin, 18 May 2017 Berlin, 18 May 2017 Lucica Ditiu and Greg Paton, Stop TB

668 views • 20 slides
Bridging the gap between low level vision and high level tasks

Bridging the gap between low level vision and high level tasks

Bridging the gap between low level vision and high level tasks VALSE 2019-09-18 1 Outline Gated fusion network for single image dehazing , CVPR18 Benchmarks: RESIDE (dehazing), MPID

1k views • 45 slides
Simple High-Level Code For Cryptographic Arithmetic With Proofs, Without Compromises Andres

Simple High-Level Code For Cryptographic Arithmetic With Proofs, Without Compromises Andres

Simple High-Level Code For Cryptographic Arithmetic With Proofs, Without Compromises Andres Erbsen, Jade Philipoom, Jason Gross, Robert Sloan, Adam Chlipala MIT CSAIL g i t h u b . c o m / m i t - p l v / fi a t - c

655 views • 53 slides
Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A

Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A

Code Shape More on Three-address Code Generation cs5363 1 Machine Code Translation A single language construct can have many implementations many-to-many mappings from high-level source language to low-level target machine language

560 views • 16 slides
1 A Low-Level IR Example Register Transfer Language (RTL) Source code High-level IR (AST)

1 A Low-Level IR Example Register Transfer Language (RTL) Source code High-level IR (AST)

Undergraduate Compilers Review cont... Structure of a Typical Compiler Analysis Synthesis Announcements Advice for the project writeups was posted on the mailing list character stream SVN log will need more than one entry for a one

325 views • 5 slides
INVESTOR + Second level PRESENTATION Third level Fourth level Fifth level F e b r u

INVESTOR + Second level PRESENTATION Third level Fourth level Fifth level F e b r u

Click to edit Master text styles + INVESTOR + Second level PRESENTATION Third level Fourth level Fifth level F e b r u a r y 2 0 1 8 Forward-looking statement This document contains certain forward-looking statements with

1.12k views • 31 slides
UYR Second level Third level Under Your Radar Fourth level Fifth level

UYR Second level Third level Under Your Radar Fourth level Fifth level

Click to edit Master title style Click to edit Master text styles UYR Second level Third level Under Your Radar Fourth level Fifth level Covert Channel &amp; Exfiltration Ali Hadi / Mariam Khader Princess Sumaya

277 views • 25 slides
Introduction to Python Python: very high level language, has high-level data structures built-in

Introduction to Python Python: very high level language, has high-level data structures built-in

Introduction to Python Python: very high level language, has high-level data structures built-in (such as dynamic arrays and dictionaries). easy to use and learn. Can be used for scripting (instead of Perl, awk), or for general programming.

414 views • 14 slides
How to Sell Process Improvement Second level Third level Fourth level Fifth

How to Sell Process Improvement Second level Third level Fourth level Fifth

Click to edit Master text styles How to Sell Process Improvement Second level Third level Fourth level Fifth level Molly Levy Manager, Developmental Quality Engineering DRS Technologies A Finmeccanica Company DRS

439 views • 20 slides
Defining, Transforming, and Exchanging High-Level Schemas My answer: Any schema above the

Defining, Transforming, and Exchanging High-Level Schemas My answer: Any schema above the

What is a High-Level Schema? Defining, Transforming, and Exchanging High-Level Schemas My answer: Any schema above the statement level A guided journey through the outback I see two distinct levels of abstraction: Presented by Michael W.

430 views • 7 slides
Scalable Inference and Learning for High-Level Probabilistic Models Guy Van den Broeck KU Leuven

Scalable Inference and Learning for High-Level Probabilistic Models Guy Van den Broeck KU Leuven

Scalable Inference and Learning for High-Level Probabilistic Models Guy Van den Broeck KU Leuven Outline Motivation Why high-level representations? Why high-level reasoning? Intuition: Inference rules Liftability theory:

1.96k views • 152 slides
Lecture 4 Machine Code 3. Hardware and Softw are 4. High Level Languages 5. Standard input

Lecture 4 Machine Code 3. Hardware and Softw are 4. High Level Languages 5. Standard input

1. Introduction 2. Binary Representation Lecture 4 Machine Code 3. Hardware and Softw are 4. High Level Languages 5. Standard input and output As we have seen, programs exist as binary 6. Operators, expression and statem ents

354 views • 4 slides
Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Chapter 15 Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and set values in memory Execute portions of program Stop execution when (and where) desired Want debugging tools to operate on

274 views • 9 slides

More recommend